More than three million Internet users are believed to have installed 15 Chrome and 13 Edge extensions that contain malicious code, security firm Avast said today.
The 28 extensions contain code that can perform many malicious operations. Avast said it found code that can:
- Redirect user traffic to ads
- Redirect user traffic to phishing sites
- Collect personal data, such as date of birth, email addresses, and active tools
- Collect browsing history
- Download further malware to the user’s device
But despite the presence of code to power all of the above malicious features, Avast researchers said they believed the primary purpose of the campaign was to hijack user traffic for monetary gain.
“For redirection for every third-party domain, cybercriminals will receive a payment,” the company said.
Avast said it examined the extensions last month and found evidence that some had been active since at least December 2018, when some users first started reporting issues with being redirected to other sites.
Avast malware researcher Jan Rubin said the team could not determine whether the extensions were created with malicious code from the beginning or whether the code was added via an update once each extension reached a certain level of popularity.
And many of the extensions did become very popular, with tens of thousands of installs. Most did so by presenting themselves as add-ons that help users download multimedia content from various social networks, such as Facebook, Instagram, Vimeo, or Spotify.
Avast said it reported its findings to both Google and Microsoft and that the two companies are still investigating the extensions.
Google and Microsoft did not return requests for comment on Avast’s report seeking additional information about the status of their investigations or whether they were going to remove the extensions.
Below is a list of Chrome extensions that Avast said contained malicious code:
Below is the list of Edge extensions that Avast said contained malicious code:
Until Google or Microsoft decide on their course of action, Avast recommends that users uninstall and remove the extensions from their browsers.